- Security fix

Submitted by: eik Approved by: portmgr (eik) Obtained from: redhat
svn path=/head/; revision=118111
2024-11-23 00:43:28 +00:00 · 2004-09-04 19:28:25 +00:00 · 2004-09-04 19:28:25 +00:00 · 97c7224854 · 2021-03-31 03:12:20 +00:00
commit 97c7224854
parent 1b7e47de71
3 changed files with 217 additions and 1 deletions
--- a/archivers/lha/Makefile
+++ b/archivers/lha/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	lha
 PORTVERSION=	1.14i
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	archivers
 MASTER_SITES=	http://www2m.biglobe.ne.jp/~dolphin/lha/prog/
 DISTNAME=	${PORTNAME}-${PORTVERSION:S/.//}
--- a/archivers/lha/files/patch-command_buffer
+++ b/archivers/lha/files/patch-command_buffer
@ -0,0 +1,196 @@
+diff -urNp src/lha_macro.h.orig lha-114i/src/lha_macro.h
+--- src/lha_macro.h.orig	2004-08-03 15:53:56.000000000 -0500
+++ src/lha_macro.h	2004-08-03 15:54:05.000000000 -0500
+@@ -53,7 +53,7 @@
+ #define SEEK_SET		0
+ #define SEEK_CUR		1
+ #define SEEK_END		2
+-#endif	/* SEEK_SET
+#endif	/* SEEK_SET */
+ 
+ 
+ /* non-integral functions */
+diff -urNp src/lharc.c.orig lha-114i/src/lharc.c
+--- src/lharc.c.orig	2004-08-03 15:53:56.000000000 -0500
+++ src/lharc.c	2004-08-03 15:54:05.000000000 -0500
+@@ -830,9 +830,10 @@ find_files(name, v_filec, v_filev)
+ 	DIRENTRY       *dp;
+ 	struct stat     tmp_stbuf, arc_stbuf, fil_stbuf;
+ 
+-	strcpy(newname, name);
+	strncpy(newname, name, sizeof(newname));
+	newname[sizeof(newname)-1] = 0;
+ 	len = strlen(name);
+-	if (len > 0 && newname[len - 1] != '/')
+	if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1))
+ 		newname[len++] = '/';
+ 
+ 	dirp = opendir(name);
+@@ -846,6 +847,11 @@ find_files(name, v_filec, v_filev)
+ 
+ 	for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
+ 		n = NAMLEN(dp);
+		if (len >= (sizeof(newname)-1) ||
+				(len+n) >= (sizeof(newname)-1) ||
+					 n  <= 0                   ||
+				(len+n) <= 0)
+			break;
+ 		strncpy(newname + len, dp->d_name, n);
+ 		newname[len + n] = '\0';
+ 		if (GETSTAT(newname, &fil_stbuf) < 0)
+@@ -903,7 +909,8 @@ build_temporary_name()
+ 		strcpy(temporary_name, TMP_FILENAME_TEMPLATE);
+ 	}
+ 	else {
+-		sprintf(temporary_name, "%s/lhXXXXXX", extract_directory);
+		snprintf(temporary_name, sizeof(temporary_name),
+			"%s/lhXXXXXX", extract_directory);
+ 	}
+ #ifdef MKSTEMP
+ 	mkstemp(temporary_name);
+@@ -913,10 +920,16 @@ build_temporary_name()
+ #else
+ 	char           *p, *s;
+ 
+-	strcpy(temporary_name, archive_name);
+	strncpy(temporary_name, archive_name, sizeof(temporary_name));
+	temporary_name[sizeof(temporary_name)-1] = 0;
+ 	for (p = temporary_name, s = (char *) 0; *p; p++)
+ 		if (*p == '/')
+ 			s = p;
+
+	if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1
+		<= strlen("lhXXXXXX"))
+			exit(-1);
+
+ 	strcpy((s ? s + 1 : temporary_name), "lhXXXXXX");
+ #ifdef MKSTEMP
+ 	mkstemp(temporary_name);
+@@ -1052,7 +1065,8 @@ open_old_archive()
+ 
+ 	if (open_old_archive_1(archive_name, &fp))
+ 		return fp;
+-	sprintf(expanded_archive_name, "%s.lzh", archive_name);
+	snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+		"%s.lzh", archive_name);
+ 	if (open_old_archive_1(expanded_archive_name, &fp)) {
+ 		archive_name = expanded_archive_name;
+ 		return fp;
+@@ -1061,7 +1075,8 @@ open_old_archive()
+ 	 * if ( (errno&0xffff)!=E_PNNF ) { archive_name =
+ 	 * expanded_archive_name; return NULL; }
+ 	 */
+-	sprintf(expanded_archive_name, "%s.lzs", archive_name);
+	snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+		"%s.lzs", archive_name);
+ 	if (open_old_archive_1(expanded_archive_name, &fp)) {
+ 		archive_name = expanded_archive_name;
+ 		return fp;
+diff -urNp src/lhext.c.orig lha-114i/src/lhext.c
+--- src/lhext.c.orig	2004-08-03 15:53:56.000000000 -0500
+++ src/lhext.c	2004-08-03 15:55:40.000000000 -0500
+@@ -82,7 +82,8 @@ make_parent_path(name)
+ 	register char  *p;
+ 
+ 	/* make parent directory name into PATH for recursive call */
+-	strcpy(path, name);
+	memset(path, 0, sizeof(path));
+	strncpy(path, name, sizeof(path)-1);
+ 	for (p = path + strlen(path); p > path; p--)
+ 		if (p[-1] == '/') {
+ 			*--p = '\0';
+@@ -212,9 +213,11 @@ extract_one(afp, hdr)
+ 	}
+ 
+ 	if (extract_directory)
+-		sprintf(name, "%s/%s", extract_directory, q);
+-	else
+-		strcpy(name, q);
+		snprintf(name, sizeof(name), "%s/%s", extract_directory, q);
+	else {
+		strncpy(name, q, sizeof(name));
+		name[sizeof(name) - 1] = '\0';
+	}
+ 
+ 
+ 	/* LZHDIRS_METHOD<4F><44><EFBFBD><EFBFBD><EFBFBD>ĥإå<D8A5><C3A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>å<EFBFBD><C3A5><EFBFBD><EFBFBD><EFBFBD> */
+@@ -335,7 +338,8 @@ extract_one(afp, hdr)
+ 			if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_SYMLINK) {
+ 				char            buf[256], *bb1, *bb2;
+ 				int             l_code;
+-				strcpy(buf, name);
+				strncpy(buf, name, sizeof(buf));
+				buf[sizeof(buf)-1] = 0;
+ 				bb1 = strtok(buf, "|");
+ 				bb2 = strtok(NULL, "|");
+ 
+@@ -365,9 +369,10 @@ extract_one(afp, hdr)
+ 				if (quiet != TRUE) {
+ 					printf("Symbolic Link %s -> %s\n", bb1, bb2);
+ 				}
+-				strcpy(name, bb1);	/* Symbolic's name set */
+				strncpy(name, bb1, 255);	/* Symbolic's name set */
+				name[255] = 0;
+ #else
+-				sprintf(buf, "%s -> %s", bb1, bb2);
+				sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2);
+ 				warning("Can't make Symbolic Link", buf);
+ 				return;
+ #endif
+diff -urNp src/lhlist.c.orig lha-114i/src/lhlist.c
+--- src/lhlist.c.orig	2004-08-03 15:53:56.000000000 -0500
+++ src/lhlist.c	2004-08-03 15:54:05.000000000 -0500
+@@ -250,7 +250,8 @@ list_one(hdr)
+ 			printf(" %s", hdr->name);
+ 		else {
+ 			char            buf[256], *b1, *b2;
+-			strcpy(buf, hdr->name);
+			strncpy(buf, hdr->name, sizeof(buf));
+			buf[sizeof(buf)-1] = 0;
+ 			b1 = strtok(buf, "|");
+ 			b2 = strtok(NULL, "|");
+ 			printf(" %s -> %s", b1, b2);
+diff -urNp src/util.c.orig lha-114i/src/util.c
+--- src/util.c.orig	2004-08-03 15:53:56.000000000 -0500
+++ src/util.c	2004-08-03 15:54:05.000000000 -0500
+@@ -276,21 +276,27 @@ rmdir(path)
+ 	char           *path;
+ {
+ 	int             stat, rtn = 0;
+-	char           *cmdname;
+-	if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1))
+-	    == 0)
+	pid_t           child;
+
+
+	/* XXX thomas: shell meta chars in path could exec commands */
+	/* therefore we should avoid using system() */
+	if ((child = fork()) < 0)
+		return (-1);    /* fork error */
+	else if (child) {       /* parent process */
+		while (child != wait(&stat))    /* ignore signals */
+			continue;
+	}
+	else {                  /* child process */
+		execl(RMDIRPATH, "rmdir", path, (char *) 0);
+		/* never come here except execl is error */
+ 		return (-1);
+-	strcpy(cmdname, RMDIRPATH);
+-	*(cmdname + strlen(RMDIRPATH)) = ' ';
+-	strcpy(cmdname + strlen(RMDIRPATH) + 1, path);
+-	if ((stat = system(cmdname)) < 0)
+-		rtn = -1;	/* fork or exec error */
+-	else if (stat) {	/* RMDIR command error */
+-		errno = EIO;
+-		rtn = -1;
+ 	}
+-	free(cmdname);
+-	return (rtn);
+	if (stat != 0) {
+		errno = EIO;    /* cannot get error num. */
+		return (-1);
+	}
+	return (0);
+ }
+ 
+ /* ------------------------------------------------------------------------ */
--- a/archivers/lha/files/patch-dir_length_bounds_check
+++ b/archivers/lha/files/patch-dir_length_bounds_check
@ -0,0 +1,20 @@
+--- src/header.c	2002-07-19 17:23:58.000000000 +0900
+++ src/header.c	2004-06-16 09:49:23.000000000 +0900
+@@ -648,8 +648,17 @@
+ 	}
+ 
+ 	if (dir_length) {
+		if ((dir_length + name_length) > sizeof(dirname)) {
+			fprintf(stderr, "Insufficient buffer size\n");
+			exit(112);
+		}
+ 		strcat(dirname, hdr->name);
+-		strcpy(hdr->name, dirname);
+
+		if ((dir_length + name_length) > sizeof(hdr->name)) {
+			fprintf(stderr, "Insufficient buffer size\n");
+			exit(112);
+		}
+		strncpy(hdr->name, dirname, sizeof(hdr->name));
+ 		name_length += dir_length;
+ 	}